Solved

SBS 2011 - Exchange 2010 - Delayed incoming email

Posted on 2013-12-11
14
808 Views
Last Modified: 2014-02-11
Hey Guys

I've got a strange thing happening with some incoming emails from certain domains.
A user will send an email out at say 9.08am.
The email is received by the recipient within a minute or so.
The recipient emails back their reply 20min later say 9.27am.
But the doesn't receive the reply until 5.04pm that day.
This is happening in OWA as well as Outlook.

I have checked the connection logs for that time and I can't see any errors.

One thing I noticed in the receive logs is quite a few errors about "4.3.2 Service not available". Though those errors don't really occur at the same time as I'd expect the reply to come in.

Here is a screenshot of the log for one of the days that the issue occurred (however I think that looks like an issue with their printer):
receive connector log
Are there any other logs you would suggest looking at?
Do you think it's more likely the recipients exchange server?

Kind Regards
Aaron
0
Comment
Question by:moncomp
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 9
  • 4
14 Comments
 
LVL 6

Expert Comment

by:donnk
ID: 39713331
show the full email header for the one where you say the email hits your server at 9:27 but the server doesnt deliver it until 5:04
0
 

Author Comment

by:moncomp
ID: 39713370
Here is the email header info:

Received: from webhosting.x.x.x (x.x.x.x) by myexchangeserver.com
 (192.168.45.10) with Microsoft SMTP Server (TLS) id 14.1.438.0; Mon, 9 Dec
 2013 17:04:06 +0800
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=default; d=sendingserver.com;
      h=Received:From:To:References:In-Reply-To:Subject:Date:Message-ID:MIME-Version:Content-Type:X-Mailer:Thread-Index:Content-Language:X-Source:X-Source-Args:X-Source-Dir;
      b=DHkmUqJqbh+bvV3zJkrw+uxqBYIeK3o9QaKRk1DbjDw9GpO75eWJvjUyNFJioQtsCGGfQqYJswecU4AVmx3SCzl2IXg+CHQ2SXyTyP/ciJ7Eeb53/HQQh/6t2qZ7Eqeo;
Received: from [x.x.x.x] (helo=userPC)      by webhosting.x.x.x with esmtpa
 (Exim 4.69)      (envelope-from <sender@sendersdomain.com>)      id
 1VpqYQ-0004Pd-Qn      for user@myexchangeserver.com; Mon, 09 Dec 2013 09:26:38
 +0700
From: Sender <sender@sendersdomaincom>
To: 'User' <user@myexchangeservercom>
References: <46B795CAF3E4BA49BF741C6B56B43391DFD01F@SERVER.local>
In-Reply-To: <46B795CAF3E4BA49BF741C6B56B43391DFD01F@SERVER.local>
Subject: RE: SENDERS SUBJECT
Date: Mon, 9 Dec 2013 09:26:38 +0700
Message-ID: <000901cef486$16f47e80$44dd7b80$@sendersdomain.com>
MIME-Version: 1.0
Content-Type: multipart/related;
      boundary="----=_NextPart_000_000A_01CEF4C0.C355C780"
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQFi1XZufTGydSp2DdoKCVd2eZByYZsjYMZg
Content-Language: en-us
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - webhosting.x.x.x
X-AntiAbuse: Original Domain - myexchangeserver.com
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - sendersdomain.com
X-Source:
X-Source-Args:
X-Source-Dir:
Return-Path: sender@sendersdomain.com
X-MS-Exchange-Organization-AuthSource: SERVER.local
X-MS-Exchange-Organization-AuthAs: Anonymous
X-EsetId: 56DCDF3D23A3BB2505918E
0
 
LVL 6

Expert Comment

by:donnk
ID: 39713384
ok so this his your mail server at  Mon, 09 Dec 2013 09:26:38, now show the tracking log from exchange toolbox for this email.

Also I see the header is being interfered with:

X-AntiAbuse      This header was added to track abuse, please include it with any abuse report

What is doing this ? Is your exchange box the MX record server or are you pulling email from another server ?
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 

Author Comment

by:moncomp
ID: 39713389
is this what you are after?
tracking log
0
 
LVL 6

Expert Comment

by:donnk
ID: 39713395
X-AntiAbuse  this looks to be the  issue. Where is it being applied ?
0
 

Author Comment

by:moncomp
ID: 39713405
Good question. That I'm not sure of. How do I track that down? Is that definitely going to be my end, not the recipients end?

Anti-Spam is disabled on the SBS 2011 Exchange server.
Could that be applied by the firewall?
0
 

Author Comment

by:moncomp
ID: 39713407
The server is set as the MX server, it's not using POP3 connector if that's what you meant.
0
 
LVL 6

Expert Comment

by:donnk
ID: 39713416
normally cpanel boxes add it, are these delayed mails always from the same people ?
0
 

Author Comment

by:moncomp
ID: 39713432
I think the user has only complained about two domains only.

I went back over the email history for the sender linked to the above logs.
There only seems to be X-AntiAbuse information attached to email when the email has is being replied to by the sender.

Here is the host that's doing it by the looks from the logs: X-AntiAbuse: Primary Hostname - webhosting.u.net.id

I think that's the senders domain. Maybe their email is housed in cpanel?
0
 
LVL 18

Expert Comment

by:Andrew Davis
ID: 39713435
okay the delay is from webhosting.x.x.x to you. I am going to assume that webhosting.x.x.x is the ISP or smart host being used by the sender, and it is getting bogged down with sending the mail.

to read headers a great tool is http://mxtoolbox.com/EmailHeaders.aspx

Simply paste the headers and it will give you a report that makes more sense.

Cheers
Andrew
0
 

Author Comment

by:moncomp
ID: 39713439
I'll send a query about this this to the IT admin department that manages the host and see what they think.

Many thanks for your help Andrew :)
0
 

Author Comment

by:moncomp
ID: 39713441
hey one thing I notice when I run the read header tool is the total delay is really long.
Total Delay:       23848 seconds
The delay is only showing on my exchange server side.

Do you think I should be concerned about that at all?
0
 

Accepted Solution

by:
moncomp earned 0 total points
ID: 39841061
Hey donnk

Found the issue with Fortigate support.
We updated the firmware to the latest version as their version was quite old.
But then we found someone had configured bandwidth management on all SMTP traffic. We removed and issue has not returned! :)
0
 

Author Closing Comment

by:moncomp
ID: 39849699
found a firewall configuration issue that resolved the problem.
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

What does UTC stand for?  “Coordinated Universal Time” – Think of this as the true time on Planet Earth that never changes with the exception of minor leap seconds here and there to account for the changes in the planet's rotation.   What does th…
MS Outlook is a world-class email client application that is mainly used for e-communication globally.  In this article, we will discuss the basic idea about MS Outlook, its advanced features, and types of MS Outlook File formats.
CodeTwo Sync for iCloud (http://www.codetwo.com/sync-for-icloud?sts=6554) automatically synchronizes your Outlook 2016, 2013, 2010 or 2007 folders with iCloud folders available via iCloud Control Panel. This lets you automatically sync them with…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question